Email regulation issues leave businesses confused
New research sponsored by Mimecast reveals that UK IT departments are struggling to cope with complex and conflicting regulations around email retention and archiving, which is in turn raising knock-on legalit and ediscovery issues.
The research, which surveyed IT managers on their organisations’ email policies and archiving practices, found that just 30% of UK businesses retain archived email for three years or more, with one in four (26%) admitting that they do not have a clear policy on retaining email at all.
• Email retention policies are often ad hoc or based on guesswork – Just one in four IT departments (27%) have an email retention policy designed to comply with industry regulations
• 41% of UK businesses surveyed say their archiving policies are based on ‘internal best practice’ with no consideration given to industry or country specific regulations
• 6% of businesses admit to deciding their email retention policy around a ‘random future date’ with ‘no basis’
Ediscovery for email is a major area of concern – Many businesses are not confident that they would be able to identify all emails relating to a specific customer in a timely manner:
• On average, it would take a UK business 12 working days to identify all emails relating to a potential litigation
• 17% of UK businesses do not think they would be able to comply with this kind of email eDiscovery request within a month
Concern around email compliance – IT departments are concerned that they are leaving their businesses exposed:
• Just one in four (26%) IT teams are ‘completely confident’ that their email policies comply with all relevant regulations
• 48% are ‘mostly confident’ with 23% ‘minimally confident’ or ‘not at all confident’
“For a busy IT department, managing and enforcing corporate email policies might seem to be a peripheral issue, but if they don’t get it right they could expose the organisation to huge risk,” commented Jeff Wright, Partner & IT Director, Morgan Cole. “Failing to comply with an eDiscovery for email request can be very serious and the 12 working days cited by the research is likely to be too slow and, in my experience, an overly optimistic estimate. In the event of litigation, you need to be able to provide all relevant messages as soon as possible and, crucially, guarantee their accuracy. Once an email is sent or received, it is often not possible to know how many copies exist, where they reside or if they have been tampered with or edited. Therefore a firm without a complete record of all its email history will not be in a position to accurately assess their level of risk.”
“It is clear that businesses are struggling to ensure their email policies and systems comply with the myriad rules and regulations governing this area,” commented Simon Thompson, Partner, Change Harbour. “The fact that just one in four organisations base their archiving policies on industry regulation is particularly worrying as many sectors have their own rules regarding email retention. What I have often seen is that, because this is such a high risk area, and the potential for damage is so high, IT teams tend to try and mitigate these risks by implementing their own solutions internally. Of course it’s very hard to do that effectively given the resource constraints that affect every business. This is where cloud computing can really be of value. A properly architected and implemented cloud solution can reduce the cost of these compliance technologies and help reduce the risks associated with email archiving and eDiscovery.”
Click here for the whitepaper Inbox on Trial – Legal Implications